Created
May 9, 2016 14:20
-
-
Save bhang/1344b4acb33d4d7d290154eb1ddededf to your computer and use it in GitHub Desktop.
Lua HMAC authentication
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ brew tap killercup/homebrew-openresty | |
$ brew install ngx_openresty |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
location / { | |
access_by_lua ' | |
if ngx.var.http_x_auth_token ~= "Your Secret Token" then | |
return ngx.exit(401) | |
end | |
'; | |
proxy_pass http://your-upstream; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
init_by_lua ' | |
crypto = require("crypto") | |
'; | |
location / { | |
lua_need_request_body on; | |
access_by_lua ' | |
access_key = ngx.var.http_x_access_key_id | |
secret_key = some_method_that_looks_up_a_secret_key(access_key) | |
local hmac = crypto.hmac.digest("sha1", ngx.req.get_body_data(), secret_key) | |
if hmac ~= ngx.var.http_x_request_hmac then | |
return ngx.exit(401) | |
end | |
'; | |
proxy_pass http://your-upstream; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment